Adobe is changing the world through digital experiences. Our creative, marketing and document solutions empower everyone — from emerging artists to global brands — to bring digital creations to life and deliver them to the right person
at the right moment for the best results.

Summary

Critical vulnerabilities have been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. These vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that one of these issues is being exploited (CVE-2009-0658).

Severity rating

Adobe categorizes this as a critical update and recommends that users apply the update for their product installations.

Details

Critical vulnerabilities have been identified in Adobe Reader and Acrobat 9 and earlier versions. These vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected system.

Adobe recommends users of Acrobat and Adobe Reader update their product installations to versions 9.1, 8.1.4, or 7.1.1 using the instructions above to protect themselves from potential vulnerabilities.

The Adobe Reader and Acrobat 9.1 and 7.1.1 updates resolve an input validation issue in a JavaScript method that could potentially lead to remote code execution. This issue has already been resolved in Adobe Reader 8.1.3 and Acrobat 8.1.3. (CVE-2009-0927)
Note: there are reports that this issue is being exploited

Revisions

April 9, 2009 – Bulletin updated with information on reports that CVE-2009-0927 is being exploited
March 24, 2009 – Bulletin updated with information on Adobe Reader 9.1 and Adobe Reader 8.1.4 for Unix updates and additional JBIG2 issues
March 18, 2009 – Bulletin first created